WordPress is very popular, so most of the posts I found were about how to point to WordPress feed URLs, not how to redirect WP URLs to another system's. I found some Feedburner docs, but they were old and not quite appropriate.

mod_rewrite is powerful and complicated. I wanted to use the much simpler (and lower overhead) redirects provided by mod_alias.

WordPress uses Query Strings, which are not part of the normal URL space, and thus awkward to work with.

Thanks to #apache (particularly Sling) for a pointer in the right direction.

Here's what I ended up with in the .conf file for my www.extrapepperoni.com virtual host (yes, I realize I mapped some URLs that were never used, but I cannot go check what was available now that the old site is mothballed):

Dotclear is a slick new blogging package. It offers multiple blogs and native SSL support. The software and documentation are still actively being translated from French to English, and rather slim, but usable -- and the developers are actively working on it.

I spent some time getting it set up, and it looks quite good so far. Now that I have a working installation, I'm going to try moving my movie reviews into DC, and setting up a new blog for interesting links.

Post-Launch

I got Drupal 6.6 installed, and then someone suggested Acquia Drupal (more bundled modules, and it integrates with Acquia's brand-new network services and support). So I installed that. Not too bad, but definitely more involved than my original hosted one-click WordPress install.

Drupal's blogging is pretty basic, and it's not immediately obvious how to promote vhosts to top-level virtual hosts (probably mod_rewrite, which seems pretty central to Drupal). I'm not sure how easy it would be to hide the non-blog parts of Drupal I'm not interested in, and there's no WYSIWYG built-in. I like to write raw Markdown or HTML, but one of my goals is to make it easy to host blogs for friends & family, who generally want WYSIWIG. I found YUI Editor, but Yahoo is pretty confused about it today, and the instructions are lacking.

So for now, it looks like I'm going to set up 3 more personal WP blogs, and hope that in a year or two either WP-MU gets better SSL support, or Movable Type becomes more attractive. I guess I should try DotClear first, as they tell me it handle logins for multiple blogs through a shared site.

I looked at Movable Type, but found it complicated and problematic, and they really only offer a few themes, with color/banner graphic variations (in 2 and 3 column variants, though!). Also, their support system is pretty broken; they offer corporate support, which requires payment, and they have 2 different fora, but only one of them appears to be available for unpaid users. Very confusing, and I found a bunch of bugs (in the site, not in MT); also, I like to do a lot of testing, and then migrate from test to live, and they lack good support for moving blogs around.

Textpattern looked good, but I quickly found significant breakage and incompleteness.

I looked at WordPress MU, thinking perhaps I'd live with the security risks -- after all, this content is public. Unfortunately, WordPress' built-in SSL support requires the HTTPS URLs to match the HTTP URLs (except the scheme), but I don't have 6 free IPs for blog management. No, I don't want to use funky ports to make the SSL vhosts work. The Admin-SSL plug-in can use a different SSL prefix ("Shared SSL") with regular WordPress, but not under WordPress MU. I reported this as a bug, but don't expect a fix soon.

Now I'm looking at Drupal, which is supposed to be very flexible (and complicated); I suspect it can handle my SSL requirements, but don't know how good its blogging features are. Goldman stalled my investigation, but now that my job hunt is winding down, I should have a bit more time to figure it out.

If Drupal cannot do it, I will look at EE & MT again. If I cannot (bring myself to?) get them working, I'll probably stick with a bunch of separate WordPress blogs for now.

When Amy mentioned to Joyce (of Scarce) that she now has a blog, Joyce was amazed and impressed at how cutting-edge Amy is. There's definitely a geographical factor here, because at my picnic earlier the same day, we figured out that of the 6 adults and Julia present (all Brooklynites), every single one of us has a blog.

Devjani's is firewalled. Julia's Journal runs on hand-crafted HTML rather than blogging software, but that's because it dates back to mid-2002; I will move it over at some point. Sharon has two. In addition to Extra Pep, I edit Securosis.

Half because WordPress really needs to stay upgraded, and half in hopes of fixing the Admin-SSL bug which was blocking posting, I upgraded to WordPress 2.5, a compatible beta of Admin-SSL (now under new management), and a few other plug-ins.

Not knowing how well the upgrade would go, I did the safe thing -- I installed WP 2.5 separately from the live Extra Pepperoni site, installed and configured all the plugins I use (with my personal patches), created a new MySQL database, and configured everything, including a couple test comments (not as myself). After I got it working, I brought down the old site, moved the new one in place, reconnected it to the old MySQL DB (with all posts and comments), clicked the button to upgrade, and we're up.

Unfortunately, there's still a problem with comments. When I log into a new account to comment, I get a link to https://secure.reppep.com/wp-admin/profile.php, which is bogus; it needs to be https://secure.reppep.com/ep/wp-admin/profile.php. If you have an existing account (Tony), you might be able to login through https://secure.reppep.com/ep/wp-admin/ and comment, but it seems that viewing an actual post (which must be non-SSL) still loses its association with the login session, so you can visit the HTTP site as an anonymous user, or use the HTTPS site as your registered user, but the plaintext side has no access to comment, and the encrypted side doesn't show the posts you would want to comment on. Hopefully BCG will be able to fix the problem in Admin-SSL. He's already fixed the Preview function.

Also freaky: When I log into EP as a brand-new user (to comment), I get the Dashboard, telling me I (the brand-new user) have 184 posts. I didn't think Subscriber users saw the Dashboard, but the post count is definitely bogus.

A tip: Don't try to check out the WordPress source over AFP; the permissions weren't right, and the checkout couldn't complete; when I did it locally on the Linux server, there was no problem. I hadn't even noticed I was running "svn co" on the Mac instead of the server, but it was easy to fix once I noticed the cause.

pctony (congratulations on your Apache httpd PMC membership, Tony!) just informed me that comments here are broken. I knew Preview was broken, and am guessing that it's a problem with my configuration of Admin-SSL, but hadn't known it affected anyone other than myself. Admin-SSL in this configuration creates a disruption between the public (reading) side and the SSL-encrypted authenticated side, and preview & user logins for commenting both appear to be falling into that crack.

If I can't get Admin-SSL working this way, I'll come up with something else, although at this point I'm hoping Haris can tell me how to sort myself out.

In the meantime, I'm sorry for the inconvenience (especially Tony's).

His two suggestions were to quote the path in the UltraEdit installer, or to use "dir /x" in CMD.COM to find the DOS-style 8.3 pathname of the destination folder. Unfortunately, I seem to have been wrong about the cause for their installer's terribly vague "1925" error message, as I tried another viable path (not containing spaces) today, and UE failed to install there too. Perhaps it's a registry access issue -- I sent email to IDM Software, and hope they have a more useful suggestion than "become an administrator".

After DreamHost's breach 8 months ago, I was aggravated at their poor handling of the situation, but willing to give them the benefit of the doubt, and still happy with their low prices and flexible services.

I have moved Extra Pepperoni back onto my own hardware. I started blogging on Apple's Blojsom install, but gave up on Tiger Server for Blojsom (and Mailman) because the services kept silently shutting down, leaving me to notice they were disabled days or weeks later (no fault of Blojsom or Mailman -- Apple didn't do a good job porting SpamAssassin either). Bringing up a WordPress blog and mailing lists at DreamHost was easy and cheap, but that's no good if they are unsafe.

I'll look at moving a couple very light-duty Mailman lists off DH next, but the lists are so lightly used I'm not too concerned. There just isn't any confidential information on the mailing lists, aside from their tiny subscriber lists.

Ah, well. I now know much more about WordPress and MySQL than I cared too, but the setup wasn't too bad. I hadn't realized how many customizations and tweaks I made to WordPress until it came time to recreate them on my own system:

I've been using the customized Blojsom installation Apple provides in Mac OS X (Tiger) Server to host my blog and a few others. Unfortunately, it's not stable. Last week, it died several times, and I gave up on waiting for Apple to fix the problems in Leopard Server (expected early 2007).

I've migrated the blog (including all old my posts) to WordPress, hosted by DreamHost, at www.extrapepperoni.com. As a bonus, WordPress includes many more (interesting) themes than Apple's very small (and classy, but simple) set, and additional features which Apple doesn't provide. Unfortunately, Apple's customized Blojsom can't take advantage of the many designs people have developed for mainstream Blojsom, and its plugin architecture is broken as well.

The main advantage of Blojsom is that all posts are simple (pairs of) text files, while WordPress is based on a MySQL database. Fortunately, WordPress/DreamHost hide much of the complexity.

In addition to my blog, I'm moving a couple mailing lists to DreamHost, again because Apple's Mailman is unstable.